Mailing-List: contact user-help@roller.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@roller.apache.org
Received-SPF: pass (athena.apache.org: local policy)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C855FC.DA0DB03E"
Subject: RE: restrict logins to IP range
Date: Sun, 13 Jan 2008 15:56:25 -0000
Message-ID: <A38504E6799D264CB749589A6C1DC3AD8CD5AB@CLUSTER-XCH1.RTEGROUP.IE>
Thread-Topic: restrict logins to IP range
Thread-Index: AchUyrXzEid2/46CQyqMZNMCA0x0LgBMQoFV
References: <BAY122-W27143A18EC8BE9761696B4CF480@phx.gbl>
 <8fb9ac720801111924je0cd96ag2a5523b92c2a7612@mail.gmail.com>
From: "Moylan John" <John.Moylan@rte.ie>
To: <user@roller.apache.org>,
	<user@roller.apache.org>

------_=_NextPart_001_01C855FC.DA0DB03E
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

My LocationMatch regex got removed somewhere on route to the mailing list. =
I had been trying to restrict access to login.do only.

However, this is not easy to do because security_check.jsp does a redirect =
and Apache thinks all requests are coming from internal addresses. The best=
 solution I found was to have two virtualhosts, one listening on port 80 th=
e other on port 443.
The port 80 host is available to outside users via the firewall but uses mo=
d_rewrite conditions to proxy only certain pages.
The virtual server on port 443 is made available to internal users only, ag=
ain via the firewall. The port 443 host has the entire roller application m=
ounted and encrypts account credentials using mod_ssl.


J


-----Original Message-----
From: Dave [mailto:snoopdave@gmail.com]
Sent: Sat 1/12/2008 03:24
To: user@roller.apache.org
Subject: Re: restrict logins to IP range
=20
On Jan 8, 2008 10:14 AM, john moylan <eieieieieieieieieiei@hotmail.com> wro=
te:
> I'm using Roller 3.1 with Apache 2.0, JBoss 4.05 and mod_jk on Linux.
> I am trying to restrict access so that users can only login from a single=
 ip range.
> I have tried using the LocationMatch directive in apache, eg:
>         Order Deny,Allow
>         Deny from All
>         Allow from 192.168.
>
> But this does not seem to have any effect.
>
> Can anyone explain the best way to restrict logins to certain IP ranges?

I don't know enough Apache HTTPD conf to help. That's probably a
question for the HTTPD mailing list.

But, if you deny access from all like that you'll be completely
preventing access, not just preventing logins. Is that really what you
want to do?

- Dave

***********************************************************
The information in this e-mail is confidential and may be legally privilege=
d=2E
It is intended solely for the addressee. Access to this e-mail by anyone el=
se
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution, or any action taken or omitted to be taken in relian=
ce
on it, is prohibited and may be unlawful.
Please note that emails to, from and within RT=C9 may be subject to the Fre=
edom
of Information Act 1997 and may be liable to disclosure.
************************************************************

------_=_NextPart_001_01C855FC.DA0DB03E--